Logstash
Input:https://www.elastic.co/guide/en/logstash/current/input-plugins.html
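# Read two log files and tag each event with a "type" so the output section
# can route it. Section, plugin and option names are lowercase in Logstash,
# and settings are assigned with "=>", not "=".
input {
  file {
    path => "/var/log/messages"
    type => "System"
    # "beginning" reads the file from its first line. This only applies to a
    # file Logstash has not seen before; afterwards the position recorded in
    # sincedb is used.
    start_position => "beginning"
  }
  file {
    path => "/var/log/elasticsearch/alex.log"
    type => "Es-error"
    start_position => "beginning"
  }
}
# NOTE(review): /var/log/messages is often readable by root only. Prefer
# granting the Logstash service account read access (group or ACL) over
# running Logstash as root.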
Output:https://www.elastic.co/guide/en/logstash/current/output-plugins.html
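# Route events to a per-type daily index. The comparison operator is "=="
# (no space between the two signs) and the plugin name is lowercase.
# NOTE(review): hosts is given without scheme, credentials or TLS options, so
# events travel unauthenticated and in clear text. On a cluster with security
# enabled, set the plugin's user/password and its TLS settings (the TLS
# option names differ between plugin versions).
output {
  if [type] == "System" {
    elasticsearch {
      hosts => ["192.168.1.1:9200"]
      # Joda-style date: dd is day of month (DD would be day of year). The
      # index name must not contain spaces.
      index => "system-%{+YYYY.MM.dd}"
    }
  }
  if [type] == "Es-error" {
    elasticsearch {
      hosts => ["192.168.1.1:9200"]
      index => "es-error-%{+YYYY.MM.dd}"
    }
  }
}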
Collecting Java error stack traces (a single error spread over multiple lines)
This requires the multiline codec plugin.
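# Syntax template for the multiline codec. Comments in a Logstash config
# start with "#"; "//" is not a comment marker.
input {
  stdin {
    codec => multiline {
      # Regular expression that is tested against every incoming line.
      pattern => "RegExp"
      # Boolean, true or false: with true, the lines that do NOT match the
      # pattern are the ones that get merged.
      negate => true
      # "previous" or "next": merge the line into the previous event or into
      # the next one.
      what => "previous"
    }
  }
}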
Example 1:
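# Every line that does not start with "[" is appended to the previous event,
# so a stack trace stays attached to the log line that introduced it.
input {
  stdin {
    codec => multiline {
      pattern => "^\["
      negate => true
      what => "previous"
    }
  }
}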
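# Print each assembled event to the console to check the multiline merge.
# The codec name is lowercase and is assigned with "=>".
output {
  stdout {
    codec => rubydebug
  }
}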
Case 2:
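# Same two file inputs as before, with the multiline codec added to the
# Elasticsearch log so that multi-line stack traces become one event.
input {
  file {
    path => "/var/log/messages"
    type => "System"
    # Valid values are "beginning" and "end"; the misspelt "begining" is
    # rejected when the configuration is loaded.
    start_position => "beginning"
  }
  file {
    path => "/var/log/elasticsearch/alex.log"
    type => "Es-error"
    start_position => "beginning"
    codec => multiline {
      pattern => "^\["
      negate => true
      # Merge into the previous event ("next" would merge into the following
      # one instead).
      what => "previous"
    }
  }
}
# NOTE(review): with what => "previous" the last event stays buffered until
# another line starting with "[" arrives, so the most recent error can be
# delayed; the codec's auto_flush_interval option bounds that delay.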
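# Send each event to the daily index that matches its type.
# NOTE(review): no credentials or TLS options are set for the Elasticsearch
# connection, so events are sent unauthenticated and in clear text. On a
# cluster with security enabled, add the plugin's user/password and its TLS
# settings (the TLS option names differ between plugin versions).
output {
  if [type] == "System" {
    elasticsearch {
      hosts => ["192.168.1.1:9200"]
      # dd is day of month; the index name must not contain spaces.
      index => "system-%{+YYYY.MM.dd}"
    }
  }
  if [type] == "Es-error" {
    elasticsearch {
      hosts => ["192.168.1.1:9200"]
      index => "es-error-%{+YYYY.MM.dd}"
    }
  }
}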
Oldboy es and Logstash